| Author: | Benja Fallenstein |
|---|---|
| Date-Created: | 2003-07-14 |
| Last-Modified: | 2003-07-28 |
| Revision: | 1.2 |
| Status: | Current |
| Scope: | Major |
| Type: | Architecture |
When designing cryptographic protocols, you often need to use cryptographic hashes in one way or another.
Cryptographic hash functions may be broken. As a precaution, current Storm block URIs include two hashes: a SHA-1 and a TigerTree hash.
If one but not both of these is broken, we can select a new, third hash function and extend the lifetime of our URIs through timestamping. (That's patented, but maybe we get lucky and the patent will have expired by the time our first hash function breaks...)
Now, in such a situation, all the (hash, hashed data) pairs must be timestamped in order to remain valid.
If different protocols built on top of Storm store hashed data in different, application-specific ways each, all these protocols must be known in order to reliably do the timestamping. If, however, Storm blocks are always used then a whole pool can be secured by simply timestamping each block in the pool through a simple algorithm.
Therefore, whenever you need a cryptographic hash to be verified, it is best to put the hashed data into its own Storm block.
(An additional benefit is that then, Storm will do the hash checking for you; you don't need to worry about it.)
None.
It is best current practice that a protocol which is part of or based on Storm will, if it needs to verify the cryptographic hash of some piece of data,
- Benja